To finish this off, PDF even suppose anonymous encryption which the user does not need to know the password to operate the PDF. Now, we are really using the other end of the blade back at the AV. So the whole string will look like some rubbish instead.

Of course, some of the above can be effectively mix and match to morph your PDF payload, but it is very unlikely the encryption can be detected by AV. Unless the AV ban all /URI tags, but until then, PDF is ideal for phishing and other very bad things.